A Month Ago, Dianne Feinstein Said Cybersecurity Was Super Important... Now She Says We Should Undermine Encryption

from the which-side-is-she-on? dept

Look, everyone has known for quite some time that Senator Dianne Feinstein's big push for so-called "cybersecurity" legislation in the form of CISA had absolutely nothing to do with cybersecurity. It was always about giving another surveillance tool to her friends at the NSA. However, given that she was one of the most vocal in selling it as a "cybersecurity" bill (despite the fact that no cybersecurity experts actually thought the bill would help) it seems worth comparing her statements from just a month ago, with her new attacks on actual cybersecurity in the form of encryption.

Here is Feinstein just a month ago, claiming to worry about "cyberattacks" on Americans:
"Millions of personal records and hundreds of billions of dollars fall victim to cyber-attacks every year, and we’ve done little to stem the tide."
Of course, CISA does nothing to protect any of that. You know what does protect against that -- better use of encryption to keep that information from getting hacked in any useful manner.

Okay, fast forward. Following the Paris attacks, Feinstein has been among the most vocal in claiming that we need to undermine encryption, which is pretty amazing given that she represents California (and is from San Francisco), home to tons of tech companies that actually get this and think she's completely crazy for undermining actual cybersecurity.

Never mind that, though. Here she is this past weekend, on CBS's Face the Nation totally attacking encryption itself and mocking the tech companies that just a month ago she was insisting needed special government help to protect against cyberattacks. She was asked if the intelligence community has the tools it needs, and she decides to attack encryption -- even choosing to cite as a source CIA director John Brennan -- the same John Brennan who illegally spied on her staffers and then lied about it repeatedly.
"I can say this. [FBI] Director [James Comey] and, I think John Brennan, would agree, that the Achilles Heel in the internet is encryption. Because there are now... it's a black web! And there's no way of piercing it. And this is even in commercial products! PlayStation, John! Which our kids use. If the two ends communicate, that's encrypted. So terrorists can use PlayStation to be able to communication and there's nothing that can be done about it."
The host, John Dickerson, then points out that the tech industry (again, mostly based in or near Feinstein's hometown, and that she's supposed to be representing) says that backdooring encryption makes us less safe and opens us up to more attack, and Feinstein brushes it off, relying on her apparent years of computer security training...
No. I don't think so. I think with a court order, with good justification, all of that can be prevented. It can be prevented in Europe, because Europe has been a major driver for more encryption. And I think that they are now seeing the results. I have visited with all of the General Counsels of the tech companies, just to try to get them to take bomb building recipes off the internet. Recipes that have been tested and we know can explode a plane. Directions. Where to sit on the plane to blow it up. We know that there are bombs that can go through magnetometers. And to put that information out on the internet, is terrible. And I sorta got 'well, pass a law.' So, we may just have to do that. But I am hopeful that the companies, most of whom are my constituents -- not most, but many -- will understand what we're facing. And we're not crying wolf. There's good reason for this. And people are dying all over the world. And I think the Sinai-Russian airliner is a classic example of a bomb that got on a plane, that blew up that plane.
Where to start with this nonsense? First, note that she doesn't actually respond to the question concerning how undermining encryption will make us all less safe and make all that information Feinstein herself claimed was under attack just a month ago more vulnerable, other than to say that she, personally, doesn't think that what every computer security expert has been saying is true. Yikes.

Second, rather than focus on encryption, she pivots to her other pet projects, claiming that the government should force internet companies to censor The Anarchist's Cookbook. She keeps on this despite the fact that all the way back in 1997, the DOJ directly told Feinstein that this would violate the First Amendment. From the DOJ to Feinstein:
The First Amendment would impose substantial constraints on any attempt to proscribe indiscriminately the dissemination of bombmaking information. The government generally may not, except in rare circumstances, punish persons either for advocating lawless action or for disseminating truthful information -- including information that would be dangerous if used -- that such persons have obtained lawfully.
Third, this weird infatuation with The Anarchist's Cookbook, despite the fact that it's generally recognized as a joke for fools, where the likelihood of being able to build an actual bomb from it are minimal at best. And, while she pretends that the GCs of tech companies just sort of shrugged their shoulders about this, it's much more likely that it's because they thought she was being ridiculous trying to censor the internet in violation of the First Amendment. Whoever told her "well, pass a law" was almost certainly trying to get rid of her, knowing that any such law would be unconstitutional.

Fourth, this tangent about "bomb making instructions" online still has absolutely nothing to do with encryption or the question about how encryption makes us all much more vulnerable to attack and actually makes us all less safe.

Fifth, the comment about Europe is insane. Again, while the attackers may have used some encryption, it's been revealed (since long before Feinstein did this interview) that they did an awful lot of communicating in the clear, including unencrypted SMS and Facebook messenger. On top of that, what the hell does "Europe has been a major driver for more encryption" even mean? Perhaps it's true that they've been adopting more encryption to hide from the NSA's spying that Feinstein herself helped hide from everyone.

Sixth: the whole PlayStation thing has been debunked as a way that the Paris attackers communicated. They did not. Furthermore, she's just wrong that the PlayStation has end-to-end encryption. It does not.

Seventh, does she honestly believe that whoever blew up that Russian airplane downloaded bomb-making instructions from the internet? Also, if it were really so easy to get such instructions and get them through security, don't you think we'd have seen a lot more airplanes blown up by now?

In summary, Feinstein (a month ago) said we should all be deathly afraid of cyberattacks, and the only way to solve it was to give the government much greater access to companies' computer systems, via CISA. And, now, she insists that encryption is an "Achilles's heel" and that actual cybersecurity experts are lying when they say undermining encryption will put everyone at risk. Why? Because The Anarchist's Cookbook is online and Google won't take it down.

Is it really so much to ask for politicians to actually understand technology before they go off on ridiculous, ignorant, uninformed rants about it -- often leading to even more ridiculous and dangerous legislation?

Filed Under: cisa, cybersecurity, dianne feinstein, encryption, going dark, surveillance, terrorists


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    David, 24 Nov 2015 @ 11:45am

    You don't understand democracy.

    Is it really so much to ask for politicians to actually understand technology before they go off on ridiculous, ignorant, uninformed rants about it -- often leading to even more ridiculous and dangerous legislation?

    On any given topic, there are more people who are not specialists in it than those who are. Democracy, however, requires majorities. So it is more important to appeal to the people who don't understand an issue than to appeal to those who do understand it.

    Understanding technology before going off on ridiculous, ignorant, uninformed rants about it will greatly reduce the appeal to the bulk of your audience since you are then talking in terms and details they don't understand. And it will likely still not suffice to win those over who actually are knowledgable in some area since you cannot match their knowledge.

    So it is a dangerous distraction for a politician to know what he is talking about.

    In order to offset the rule of incompetency, the EU has added the European Council, staffed by industry experts. It turns out that the trust placed in their expertise leads to the rule of corruption instead.

    So this is no real offset to the rule of incompetency. Basically you cannot avoid democracy, but you can hope to make it better by offering good and free education to everybody so that the decisionmakers, the populace, cannot be bullshitted as easily as Feinstein manages.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.